Posted by timothy on Thursday January 24, 2002 @04:48PM, from the thank-you-please-pay-again dept.

phillymjs writes: "A co-worker of mine resigned today. His new job at Comcast: Hunting down 'abusers' of the service. More specifically, anyone using NAT to connect more than one computer to their cable modem to get Internet access- whether or not you're running servers or violating any other Acceptable Use Policies. Comcast has an entire department dedicated to eradicating NAT users from their network. We knew this was coming since this Slashdot article from two months ago, but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday, and I'll be cancelling my Comcast cable modem early next week." Earthlink and Comcast have both been advertising lately their single-household, multi-computer services (and additional fees) -- probably amusing to many thousands of broadband-router owners, at least until the cable companies really crack down.

I can almost guarantee the first thing their
scanners will do is dramatically cut down the
scan time and horsepower needed by scanning only
responsive hosts.

my nat box passes and returns nothing except
22/tcp - fixed!

they will not have the manpower, computing power,
or budget to scan every computer on their network
to eliminate the tiny percentage using NAT when
NAT will not save them shitloads of money if
eradicated completely.

the people they WILL target fiercely will be those
using 20 people worth of bandwidth connecting on
kazaa ports 24/7

and yes, I am *very* close to a few insiders in
high places at comcast.net and not just spouting BS

NAT leaves some traces in the datastream. Especially the high port numbers of a Linux system doing masquerading with the default settings could ring a bell. Other options are operating system fingerprinting. If you see a Linux system using the ip but other traffic carries Windows characteristics, that may be a hint.

So, what are the methods they use, and how can I make it more difficult for them to tell if I have a machine running NAT?

I don't know. But let me take a crack at guessing the methods which an ISP would use to detect NAT.

O/S Fingerprinting. First and foremost, narrow down your suspect list. Find all the Linux boxes; these will have a higher incidence of NAT because Linux actually packages this feature. Try to develop a fingerprint list for hardware based NAT appliances and any Windows application that can grant NAT ability.

TCP Sequence Numbers. Many TCP stacks (cough Windows cough) have a predictable or semi-predictable TCP Sequence Number pattern. Running multiple copies of one of these stacks (say, two 98 boxes) behind a NAT box would allow an intelligent heuristic to detect multiple TCP stacks. Most of NAT happens at the IP layer, so sequence numbers are not rewritten.

TCP Source port. NAT-P (it has a couple names) involves correlating inbound TCP packets to the appropriate local host by port, and then rewriting the port field. There is no attempt made to randomize this source port field selection and a clever heuristic could probably fingerprint it.

i've probably dropped a few details here, so feel free to flame me with corrections. that aside, i can see a new open source project brewing: Stealth NAT. A NAT implementation that will rewrite TCP sequence numbers and randomize anything else that would give the impression that multiple machines were in use.

they'll probably start by O/S fingerprinting the NAT enabled hardware gateways you can get at buy.com for $150.

they'll probably start by O/S fingerprinting the NAT enabled hardware gateways you can get at buy.com for $150.

That would be a distinctly stupid thing to do. So, anyone who has a laptop computer and an 802.11b access point that NATs is automatically some kind of AUP-violating scofflaw? I guess those millions of Apple AirPorts already deployed don't matter to them?

Find all the Linux boxes; these will have a higher incidence of NAT because Linux actually packages this feature.

Last I looked, Windows comes with "Internet Connection Sharing" and a control panel to turn it on with one button click. Linux requires daunting knowledge of IP networking and the iptables tools.

This whole subject is completely stupid. What if I have roommates who all use one computer via serial terminals? NCD terminals? That isn't NAT because I only have one host, but dozens of people can use those services via getty or X11. So WTF is the difference?

(ring ring ring)
a)Hello?
b)We're with Comcast. We found that you are using multiple computers over your connection via NAT. Comcast is fining you for TOS violation and your new rate is now $150/mo
c) But i'm not
d) We have blah blah blah proof that you are
e) No, I just run virtual machines on my one system. It's the same computer, just running different operating systems at the same time. I was running my completely-approved MacOS with Virtual-PC open to Win98 which was running VMWare with Linux as a kind of side project to see how running a virtual machine in an emulator affects performance.
f) oh
(click)

They can't differentiate if you have multiple machines or one machine with multiple OS's unless you NAT a LOT of machines....

b)We're with Comcast. We found that you are using multiple computers over your connection via NAT. Comcast is fining you for TOS violation and your new rate is now $150/mo

My reply: "Fine, I want to cancel the service right now."

When I cancelled AT&T's cable modem service the order droid basically begged me to stay. "I'll even give you 6 months of a special promo pricing." Fe. What good is special pricing when the service no longer works for 7-day stretches 'cause they screwed up something at their end and refuse to even have a look until they can schedule a needless "service call". The loudest message someone can send a company is to quit doing business with them.

I'm guessing that our friends at LinkSys, sensing the threat to their revenue from the sale of devices that allow people to screw ISPs, are going to simply add some features to their routers that prevent detection, and we have another round of escalation in the network arms race.

However, I think that eventually, flat-rate ISP pricing is going to go away, no matter how much people protest. We're addicted like crack-whores now.

Ok, I'll bite. How does the number of computers "screw" the ISP. They don't need any additional IP resources/addresses (assuming your home LAN is set up as a private network) and I can just as easily use the maximum bandwidth with one computer as I can with 10.

I can see charging per MB or GB transferred, but I can't agree that those running a home network behind a Linksys (or similar) cable modem hub/router are somehow screwing the ISP.

I guess "screw" was rather inflammatory - I should have enclosed it in quotes - since this is the implied attitude of the ISP. I don't believe that it's in any way screwing the ISP - in fact, I NAT myself. I think they should charge a scale for bandwidth myself (within reason) that way, on a normal month, I probably wouldn't pay as much.

The only way this is "screwing" the ISP - is that it's more "screwing with" because the service agreement specifically states (in most cases) "a single machine".
What's next, a limit on dual CPU machines?

By having more than one computer (read more than one person) connected to the same cable modem you are raising the actual contention level of the connection.

Broadband ISPs calculate a contention level - although they limit you to a certain bandwidth, say 512kbps and have, say 2000 customers, they probably don't have a 1 Gigabit backbone connection.

That is to say that if all 2000 customers were to initiate a download they wouldn't get the 512kbps they pay for.

If the ISP has an advertised contention ratio of 50:1 then this scenario means that the 2000 customers are connected to a 20Mbps backbone.

It means that only 1 in 50 customers are using their bandwidth quota at any one time.

Now, by employing NAT (via 802.11b for instance) and possibly selling it on (or just sharing the cost) customers are also raising the contention level and effectively raising the chance that other customers will not get their quota of 512kbps.

My personal opinion is that NAT itself is not the problem, sub-leasing your Internet connection in any way is.

i've probably dropped a few details here, so feel free to flame me with corrections. that aside, i can see a new open source project brewing: Stealth NAT. A NAT implementation that will rewrite TCP sequence numbers and randomize anything else that would give the impression that multiple machines were in use.

OpenBSD [openbsd.org] can actually already do this: it's called the modulate state directive to the pf packet filter. From what I can tell, it works under NAT and bridged filtering as well as straight routing-type filtering.

Basically, what modulate state does is rewrite TCP initial sequence numbers using the same cryptographically strong randomness OpenBSD uses for its own sequence numbers. For more information, check out the "STATE MODULATION" section in the pf.conf [openbsd.org] manpage.

On the contrary. Having a bunch of nodes behind an OpenBSD NAT firewall with state modulation should, it seems to me, look the same to an outside observer as having a single OpenBSD node.

Nevertheless, the documented point of state modulation isn't to hide the fact that you're doing NAT. It's to correct for the fact that many operating systems pick initial sequence numbers poorly, and are thus vulnerable to sequence prediction attacks [bindview.com]. So there may well be ways to tell the difference -- though it would surprise me.

In the end, though, I agree with the sentiment expressed elsewhere under this topic: that ISPs are misguided in trying to penalize intelligent use of their services, but also that users are misguided in playing hide-and-seek with bad ISPs' policy enforcement rather than choosing more honest and professional ISPs.

Don't you just love it when someone has already done the hard work [sourceforge.net] for you? This package was specifically written to fool O/S fingerprinting, at least at the smartness level of nmap anyway. Start to check the services, and then you can really work out what the box is....

so if the TTL by default starts at all 1's (255) then a machine behind a NAT box would consistently report a TTL of 254 to the upstream router. that's a VERY good indicator.

man, stealth NAT sounds like a fun project. it also sounds like something that would piss off large corporations if released as open source. i haven't gotten to write something that fun in a long time...

MAC addresses don't stay the same across IP routing. When a gateway forwards a packet, the source MAC address is the address of the gateway's interface, and the destination address, if the destination host is not directly on that network, is the next gateway's MAC address.

1. They contract a couple of techies for finding people using multiple computers on one cable connection.

2. They advertise that they are checking it - preferably through word-of-mouth (or something that looks like word-of-mouth)

3. They catch one or two people and show them as examples

4. They manage to scare a couple of idiots into buying their extra-price service where the only differences are probably the removal from the contract of the line that says you cannot use multiple computers and a bigger price.

Come to think of it, if 2) is properly done you don't even need 1).

It's the same principle used in law-enforcement:
Make people believe that if they break the law:

It's very likely that they get caught

If they do get caught the punishment is hard and certain

(As a side note i believe that the big difference in driving styles between mediterranean countries and northern europe countries with similar driving laws, is due to different perceptions of the answers to the "will i get caught?" and the "if i get caught will i get punished?" questions).

on their webpage that can only be accessed when you're on their network (this webpage providing useful information like your month quota), there's a client script that sends back your browser IP. That's it: if your IP is typical of a home subnet, you're using NAT.

Funny what you learn when you actually read the articles.... I looked through (admittedly quickly) their TOS and Subscriber agreement, and saw nothing that prohibited NAT... the subscriber agreement also makes some reference to connecting multiple computers. Maybe I missed it, I dunno, but I saw nothing.

They did have a restriction against running a dial-up server or running a router to your neighbor's apartment... while that's still a silly restriction, at least it's one that most other ISP's have for home use. Maybe that's what they're cracking down on.

Just makes no sense to crack down on simple home LAN NAT... you'd piss off more customers than you could hope to recoup by charging extra. Not that stupidity ever stopped a cable company from trying something, of course. But I can't see it lasting.... just too expensive to police for what it returns.

Good Ol' MediaOne in Massachusetts was the best... they'd let you run whatever you wanted, web servers, mail servers. A couple of people even set up NNTP servers just for the hell of it.

Yeah, if they really want to stop bandwidth hogs, why did they not just make the Cable modem also be a bandwidth limiter!!!!!
"No that would be too simple a solution! Besides it would cost the company millions!"

It's not like you can plug your computer into the cable system directly, you have to have a modem.

Yeah, if they really want to stop bandwidth hogs, why did they not just make the Cable modem also be a bandwidth limiter!!!!!

THEY DID!

Many users of cable systems are bandwidth limited, also called "capping," on at least their outbound traffic, and many also have their inbound traffic limited as well. Where I live RoadRunner has outbound speeds limited from 15k to 30k/s outgoing, depending on which loop you are on. Incoming is limited to 250k/s, though this is almost never achieved, even when the packets are originating at a major university, essentially, across the street, with only 4 hops between one box and the other.

I usually have about 6-7 different websites loaded at once, some have banner ad's that change, some don't.

2. Port forwarding to computers using different operating systems

I am allowed to have my own internal network, that is not illegal and because I add a machine that uses their service that port forwards for whatever reason; It's my port, I'll do with it as I please. So long as I don't abuse their service in any manner according to their "Abuse Legislation".

3. SMTP headers containing references to domain names used only by the LAN

See response to 2.

I really don't know how comcast plans to do it. I'm not a customer and wont ever become one but I'd really love to hear from comcast how they plan to do this because it would be revolutionary in hacking and spying on internal networks. Does anyone work for comcast?

Adelphia has it as part of their service agreement that you can have multiple devices on the network and the cable modem install techs will actually configure your linksys router for you when you sign up for the service.

How would they go about doing this, being that NAT makes all data coming in and out look as if it was coming from a single IP? They could try to look at bandwidth, but you could easily make the case that you were just downloading a lot from one pc. What practical techniques can be used to detect NAT, and what can be done to avoid them?

"We regret to inform you, Mr. Anderson, that you have three different people in your household using this computer to access the internet. Your bill will be adjusted accordingly."

That's the new XP feature, didn't you know that's why they put those fake user accounts in? Obviously if you and another person can share Word, you have two copies and must pay subscriptions accordingly.

These greedy cable folks are going to be surprised when all of their customers drop their service. I know a faster browsing experience of an ever more commercial suck web is not worth $50/month to me.

Cox is forcing DHCP. I've had a fixed IP from at home for three years. For a short time I had DSL, but that died when I moved. Last week I got a cardboard toolbox with a letter and a CD in it. It warned me that I had to apply the software soon, using the authorization code printed in the letter, or lose service. The CD, needless to say, contained M$ and Mac binaries. Their web site had instructions that said, essentially DHCP, with forced swapping every 4 hours. It also says that they are going to discontinue the old equipment soon and a friend tells me the date is feb 15th.

WTF? They advertise "always on" IP. That means that they must have a 1:1 IP to cable box ratio, right? The only reason they are going this way is to thwart people who want to actually use their connection for more than web mail, viewing the great corporate advert, and have their boxes broken by haxors.

So what do you think I'm going to do? That's right, I'm bailing. At home was just the first of these companies to go under. "Normal" people are neither going to trade their TVs for their computers nor pay $100/month for "entertainment". The rest of us expect more for $50/month than giant casino ads. No, I don't have cable TV, just the box. When it's over, Cox will be paying to maintain a line to my house that gives them zero revenue. If all I can do with the cable is surf, I'll reduce my monthly bleed by $30/month and find a nice little dialup to do the same thing. Like normal people then, my wife will quit visiting sites that push huge adverts, and those places will lose out too. Poof, goodbye greedheads, I hope you all lose your shirts.

forced him to use PPP-over-Ethernet. It included a piece of (Windows) software that took care of "signing him on", and establishing a PPP connection

There is a Linux solution for this that will still allow you to run a router and NAT several computers behind it. The Roaring Penguin PPPoE client will establish the PPP connection on your firewall's external interface (DHCP is just fine, thanks) and you can use ifconfig to fake whatever MAC they registered for your account. Happy NATing :)

Okay everybody, let's all get upset, and write 450 comments saying how evil Comcast is, on the basis of an unverified, unverifiable claim, with no technical details.

This is not a story, let's not treat it as one. It'll be a story when somebody has copies of a letter explaining that their service was cut off, due to the use of NAT. In the meantime, I can tell you that the firewall on my comcast connection has received no new exploratory packets originating at comcast servers.

I am under the impression that they would be looking to prevent the use of NAT to provide services outside the residence-- as running servers is clearly defined and prohibited in their TOS and Subscriber agreement. So if you want to run servers, get a different service contract (not that I can find any alternatives listed on their site in the five minutes I spent looking).

This is from their FAQ:

Can I use the service on more than one computer?
Yes, customers with home networks may order additional network addresses in order to connect several computers to the service through one cable modem.

You must first subscribe to the basic Comcast High-Speed Internet Service.

Once you become a subscriber, you can sign up for a second and third address.

You will need to have access to network expertise because Comcast High-Speed Internet Service neither installs nor supports networks.

The cost is $6.95 per month for each additional outlet. Customers can have two additional addresses, for a total of three.

Comcast will install the network card and software on a second and third computer for a charge of $49 for each computer.

Seems pretty tolerant of self-installed networks if you ask me, and they will do the work for you if you don't know how to do it yourself. It is also worth pointing out that they probably don't support Linux. And correct me if I'm wrong but does Windows even have the ability to turn one machine into a firewall the way you might do with ipfilter or ipchains on Linux?

They say you can use multiple computers *if* you pay them money for extra IP addresses.

Gosh, this is somewhat offtopic, but your post reminded me of a fortune 500 client I once dealt with. The MIS director (who had a remarkable resemblance to Dilbert's PHB) was bragging about how his company had purchased an ENTIRE CLASS A address block for only $15,000 from a consultant.

Not a bad deal at all, until I saw the network numbers... 10.0.0.0

The $15K was probably a fair consulting price for "introduction to RFC-1918".

I had assumed that thought like this was basically on the way out. Most ISPs will say "We support one computer. If you wanna rig something else up to use more, don't expect us to support it". That's sort of fair, mostly.

Do you feel the same way about Microsoft? Most cable providers in the US enjoy a monopoly. Comcast may be the only option for broadband access for a large number of people who aren't close enough to their exchange to get dsl. One could argue that broadband is a "perk", and doesn't deserve protection but I don't agree.

As a side note, hooking up a cable/dsl router doesn't really qualify as l33tness in my book.

Seriously, when I signed up the agreement was that I would not provide service to anyone outside my residence, which is fair I guess. If they want to crack down on me doing something that is proper let them try, but I'm not going to back down from asserting my rights. Personally I don't see what options they have to crack down. Though I have heard that their switches remember your mac address now so if you change the computer/network card hooked up it takes a reset to get it working again :(

How can they possibly suggest that I'm NOT ALLOWED to run a firewall? Especially seeing as how the freaking cable networks are some of the worst offenders on portscans etc...

Nah, you don't understand. You see, a computer is really like a TV and the fine folks at Comcast want to help you use it appropriately. You are not supposed to do anything but consume entertainment (and pay for it), so be a good boy and behave.

As to a firewall, you only need one if you run servers, right? And you are not supposed to run any servers, it's right there in your TOS... Just think of the computer as a TV, it helps. If you don't have any open ports, you don't need a firewall, right?

Whaddaya mean, Windows has open ports? Nope, couldn't be, Windows is a proper operating system and will not have such indecent thing as open ports, it's not like this hacker system, Lainuks. Just shut up and go away, will ya?

That these telcos and such were able to come correct and just advertise the services they actually offer and bill for them in a reasonable and deterministic way. An honest DSL provider would not sell you a 384->1500Kbps line and then bitch about you having more than one machine. The honest provider would sell you a service with a 384 kbps base rate for $x/month and $y/megabyte transferred above your base rate up to your burst limit at 1500kbps. For people who want their bill to be the same all the time, they would sell flat rate services at different speeds.

This is never going to happen of course, because this sort of service provision implies not only limits on the customer but also performance requirements on the part of the telco. I think we are stuck with "52 times faster than an ordinary modem" marketing and bad service forever.

What about setting up a linux machine and connect X-terminals to it, thus providing multiple users with internet access, but they are on the same machine. Or a windows terminal server. Or ssh in and run applications that are forwarded over X. Or port forwarding.

And, windows 98/ME does this automatically if you have a windows LAN with one computer connected to the internet, doesn't it?

They can catch the scumbags that get the cablemodem and then nat their entire apartment building, or the neighborhood but they will never catch a single family dwelling doing it. the ONLY way to detect it is to watch bandwidth and look for 60-70 connections coming out of that cablemodem. anything less will be false positives as just hitting some websites causes at least 10 connections to other servers for ad's popups, etc...

Besides, how is this going to fly with the AT&T policy of allowing it and even encouraging it? AT&T will gladly sell you a smc or linksys NAT/firewall... that constitutes encouraging it.

but they will never catch a single family dwelling doing it. the ONLY way to detect it is to watch bandwidth and look for 60-70 connections coming out of that cablemodem

Sorry, but this is 100% wrong. My brother-in-law was running NAT on a Linux firewall at home with a few PC's behind it and MediaGeneral shut him down. How? They snooped the User-Agent in the HTTP headers. It gives away quite a lot of information. They basically called him up one day and said, "Hi, we see you're running 2 Linux boxes and a Windows box behind a NAT. This is against our TOS so either a) pay us more money, b) shut them down or c) we will disconnect your service."

There are only a few ways around this and they all involve running a proxy server that can generate fake headers (like squid).

Since there are also other ways of detecting NAT with multiple sources (many enumerated above), I suggest you also take other precautions. Harden your firewall. Drop ALL inbound traffic (UDP and TCP) unless it can be correlated (stateful firewalling). Learn more about your IP stack.

And when they come for you, either lie with a real convincing story or pony up the $6.95/mo.
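Added example, not part of any comment in this thread: a sketch of how the passive signals posters describe above (a TTL one hop below a common initial value, mixed TTL families, and several User-Agent platforms behind one address) could be combined, including the multi-OS single host and the single host behind a router that the thread raises as false positives. The record layout, function names, verdict labels and sample traffic are constructed assumptions.

```python
"""Passive NAT heuristics over per-subscriber packet metadata (added example)."""
from collections import defaultdict
from dataclasses import dataclass
import re

# Initial TTL values used by common IP stacks; anything else is treated as
# "some hops below the next value up".
COMMON_INITIAL_TTLS = (64, 128, 255)

# Coarse platform hints found in HTTP User-Agent strings.
PLATFORM_PATTERNS = (
    ("windows", re.compile(r"Windows|Win9[58]|WinNT")),
    ("linux", re.compile(r"Linux")),
    ("mac", re.compile(r"Mac_PowerPC|Macintosh")),
)


@dataclass(frozen=True)
class Observation:
    src_ip: str           # subscriber's public address
    ttl: int              # TTL as it arrives at the ISP's first-hop router
    user_agent: str = ""  # HTTP User-Agent, empty for non-HTTP packets


def infer_initial_ttl(ttl):
    """Return (assumed initial TTL, hops already crossed), or None if invalid."""
    for initial in COMMON_INITIAL_TTLS:
        if 0 < ttl <= initial:
            return initial, initial - ttl
    return None


def platform_of(user_agent):
    """Map a User-Agent string to a coarse platform label, or None."""
    for name, pattern in PLATFORM_PATTERNS:
        if pattern.search(user_agent):
            return name
    return None


def assess(observations):
    """Group observations by source address and combine the signals.

    'routed'  : some packet had already crossed at least one router.
    'diverse' : more than one TTL family or more than one platform seen.
    Each signal alone is only a hint, so they are reported separately.
    """
    per_ip = defaultdict(lambda: {"families": set(), "platforms": set(), "routed": False})
    for obs in observations:
        entry = per_ip[obs.src_ip]
        inferred = infer_initial_ttl(obs.ttl)
        if inferred is not None:
            initial, hops = inferred
            entry["families"].add(initial)
            entry["routed"] = entry["routed"] or hops >= 1
        platform = platform_of(obs.user_agent)
        if platform:
            entry["platforms"].add(platform)

    report = {}
    for ip, entry in per_ip.items():
        diverse = len(entry["families"]) > 1 or len(entry["platforms"]) > 1
        if entry["routed"] and diverse:
            verdict = "likely-nat"        # several stacks behind a routing hop
        elif entry["routed"]:
            verdict = "router-in-path"    # could be one PC behind a firewall box
        elif diverse:
            verdict = "multi-os-host"     # dual boot or VMs on a directly attached PC
        else:
            verdict = "no-signal"
        report[ip] = {
            "verdict": verdict,
            "ttl_families": sorted(entry["families"]),
            "platforms": sorted(entry["platforms"]),
        }
    return report


# Constructed sample traffic (documentation address range, era-style User-Agents).
WIN_UA = "Mozilla/4.0 (compatible; MSIE 6.0; Windows 98)"
LINUX_UA = "Mozilla/5.0 (X11; U; Linux i686; en-US; rv:0.9.7)"
SAMPLE = [
    Observation("198.51.100.10", 128, WIN_UA),    # single Windows PC, direct
    Observation("198.51.100.10", 128),
    Observation("198.51.100.20", 63, LINUX_UA),   # two stacks, each one hop away
    Observation("198.51.100.20", 127, WIN_UA),
    Observation("198.51.100.30", 64, LINUX_UA),   # two OSes, zero hops
    Observation("198.51.100.30", 128, WIN_UA),
    Observation("198.51.100.40", 127, WIN_UA),    # one PC behind a router
    Observation("198.51.100.40", 127),
]

if __name__ == "__main__":
    for ip, result in sorted(assess(SAMPLE).items()):
        print(ip, result)
```
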

I told the guy I was using a router. He freaked. "OMG OMG HOW MANY COMPUTERS DO YOU HAVE?" he asked.

"Just one. I just trust hardware firewalls more than software ones. I don't want to get infected with a worm that would then lower ATTBI's bandwidth."

He then let me go on my way.

Now, this article is a case of "i know a friend of a friend who's doing this despicable act!!!" so I'm not taking it to heart. And as for me, only my Linux box is on 24/7...My Windows box is a separate box that's only up if I want to play EverQuest. :) So, if they had a way to scan my system, there's only one machine up.

This is interesting. I guess they're going to go after people running those custom firewall/NAT boxes. Now all these people will just have to plug their windows machine directly into the net.

As everybody else is wondering: how do they plan to ferret out NAT users? Go to everyone's home and count the number of computers? ComCast used to be such a nice service, it's a shame what they're doing to it. Let's count the ways they've made the service worse recently:

No VPNs. If you want to use a VPN you have to get a special "business" plan. Good luck finding anything about this plan on their website.

Upload/Download caps: We used to have wonderful bandwidth, and our local loop isn't even heavily taxed. Now we have an artificial bandwidth cap that does not appear to help us OR our neighbors.

No Newsserver. The usenet is a valuable resource, every ISP worth its salt has usenet access. Comcast customers (the ones that got switched over) do not.

Now this anti-NAT policy. I wonder if you will be able to find anything at all about this "I have a NAT" service on their website...

Still, even with all of these indiscretions, I'm inclined not to believe this story as is. There doesn't appear to be much actual evidence (has anyone been flagged for having a NAT yet?) to support the claims. Also, did the co-worker quit because the job is nigh-impossible? My hoax sense is tingling...

No Newsserver. The usenet is a valuable resource, every ISP worth its salt has usenet access. Comcast customers (the ones that got switched over) do not.

Actually this is exactly the kind of thing that needs to go away. If ISP's got rid of all the "value added" services and just provided a TCP/IP pipe, their costs would be low, and you wouldn't be locked in to their potentially crappy services. Of course they'd have to lower their prices to compensate...

You can get 2GB/month access to very fast news servers for $7 a month. The service is way better than any ISP's news server too. Doesn't it bother you that you're paying for all those extra services that you might not be using and you could easily provide yourself? I'm talking about things like e-mail and web hosting and news service, and DNS...

Consider this - a submission of the FoaF kind, no real evidence, but very much bound to bring an uproar among the /. regulars... The result - a pretty good list of things that can and cannot be done to accomplish the alleged NAT detection.

One way they could detect NAT boxes is by looking at the MAC address. I suspect that most/all NAT boxes use MAC addresses in a predictable range based on Manufacturer and model.
To avoid this, get the MAC address from an old NIC, or a machine that will never be connected to the subnet on the cable-modem system, and (assuming your NAT box supports MAC spoofing) configure your NAT box to use that IP address.

More likely than not, the providers are too stupid to do the necessary research, and will look at the high bandwidth users and do a packet sniff to see what their activity looks like.

Most consumer level NAT boxes, like, say, the Linksys Cable Modem Router thingy, have the ability to change the MAC on the external connection.

Why? Well, a lot of cable modem setups use DHCP or some similar system to assign an IP address to the computer hooked to the cable modem. When they install the thing, they put it on the computer. Then the customer comes in later, tries to hook up the NAT box, and finds that they can't get an IP because the server is giving out IP's by checking the MAC address of the requesting computer. So you change the MAC that the NAT box sends to the world to be the same as the computer they originally set it up on, the NAT box can then get the IP and forward all the data needed to the internal network. So checking the MAC won't get them anywhere because the MAC they get can be whatever the heck you want it to be.

I have a lot of sympathy for the ISP (hell, I am one, about to go under...). The problem is that the industry still hasn't figured out how to charge its users in a fair way AND make a buck. Is it REALLY fair to charge a flat fee, which means divide total cost usage by total users and then charge that to each user (plus a markup -don't forget that this is NOT a charity, but a business-)? If so, then what happens is that those that hardly use it are heavily subsidizing the big users.

If there are no limits, what stops you from getting yourself a cable/DSL access and then wiring up your whole neighbourhood through you? Hand them out instructions on how to create a hotmail-type email, and off you go. For those that say "sure, but then you are lowering the experience of each one", they should actually look at average usage, and you would see that up to around 50 users or so, you are unlikely to step on each others toes except under exceptional circumstances (not more than 4 or 5 are likely to be on at the same time, and of them, they are statistically going to have more unused b/w during their usage than used).

Unfortunately, during the dot-com boom pricing and billing of ISP service went nuts (along with the rest of the industry), and we still have to recover from this idea that b/w should be somehow GIVEN by the ISP at no charge to EVERYONE. Sure, I love universal service as everyone else, but the big question that we should all be asking ourselves: "for internet service, WHO should pay?" Please note, that links, routers, equipment, staff, electricity, etc... are NOT free.

If an ISP has unlimited access which it is calculating on the basis of an average SINGLE user with a SINGLE machine, and it states it clearly in its contract that you are paying for a single-user/single-machine, then anyone putting more than that on their link is in breach of their contract. They have calculated their prices based on their assumption. Of course you may think -and might even be right- that their prices are too high, but does that morally allow you to be in breach of contract? In the same way, we all feel that MS-whatever licenses are way too high, but are we morally allowed therefore to install each program on 10 machines (certainly not legally).

You could do the same abuse with less elegant solutions than NAT. Simply running a simple Proxy server for your neighbors would provide them access. Only 1 machine is on the Internet, the rest aren't. Hell, if you are running MS's busted proxy, the rest don't even need TCP/IP, they could run IPX/SPX. (Lousy program, NEAT configuration options, I never want to go near it again...)...

Myself, I have a $90/month DSL connection. Why? If I need to get a VNC connection through the VPN to a work machine, I want the 384K uplink.

We have a NAT box with wireless, and technically, 4 computers there. I live with my fiancee. She web browses from her iBook, and I work from home on the weekends. We barely use the bandwidth.

However, I pay the premium so it is there when I need it.

Ban NAT and I lose Wireless. If that is the case, I drop DSL. I can't run Wires all over my apartment, so I use Wireless to send the signals around.

Find the abusers, by all means. However, leave those of us that don't abuse it alone.

It's because a whole lot of people saw a GREAT value in the amount of money it cost to buy a computer, hook up to the internet. What you got for that money was virtually FREE, convenient communication, (IM, email) with anyone anywhere in the world, free music, free software, etc.

Now, many of those formerly compelling reasons have evaporated:
IM - is a world of divided standards, so you can only talk to AOL users if you're an AOL user, MSN if you're an MSN user, etc.

email - is a world where you need to sift through 20 spam messages to find your one message. Also the monoculture of email clients created a nightmare reality of viruses.

nntp - spam is certainly a problem, as is the bulk of news services no longer carrying binaries.

Stock Trading - find me a stock worth investing in today. It was half a function of cheap trading, but also half a function of stocks where you could actually make money.

WEB - commercial consolidation funnels most people to portals. Nobody can afford to host anymore, so people's websites are either overrun with popups or they're very small, and hosted on very slow hardware, and anyone posting material of any worth has been shut down due to copyright concerns. Anything interesting or non-mainstream is either impossible to find now, or shut down. I recently went through my bookmarks.html list, of 500k, accumulated over the past 8 years or so - and a good 70% of the URLs were dead. Making me regret not saving the content to my local hard drive. (and I have saved a great deal anyway).

A Voice - running your own server used to be a great democratic equalizer. It's no longer affordable to the vast majority of people. For all but the most basic uses, you can't address the web at large anymore, because 56k is not enough, cable and DSL providers are "gunning" for any attempt at using the service for servers, and T1 is still prohibitively expensive.

Free Music - the age of napster is finished.

Free Software - I'm not talking about Free Software, I'm talking about that which the BSA is making extinct. Warez. Right or wrong, it was one major compelling reason people got onto the internet.

The only compelling things left I can see are:
email/im - despite the fact that they're not what they used to be, they're still very useful, but there's no need for broadband here.

Corporate Software websites - where you can usually get up to date drivers and updates. Most of the time, broadband isn't required.

Free Software - If you're a Linux-head - you still need broadband for downloading those isos.

Marketing - ah yes. If you're an advertiser, the internet is your friend, and a very compelling reason to get broadband, or even a T1. That is, until everyone who has signed up for the internet in the past 3 years finally realizes that there's nothing out there for them but advertising and crap, and drop the service.

but did anyone think they'd already be harassing people that are using nothing more than the bandwidth for which they are paying? It makes me very happy that my DSL kit arrived yesterday
Here's the thing. $49.95 or whatever it is you pay really doesn't cover the cost of all that bandwidth if EVERYONE uses it. It's called oversubscription and the $19.95 dial-up ISPs are alive because of it. The ISP (in this case Comcast) can't offer that service at that price if everyone uses it. Even T1 services are oversubscribed to some extent. But with a T1 you ARE paying for the bandwidth you're getting. Your DSL service is no better, if lots of customers start using all downstream bandwidth all the time, the ISP would have to discontinue the service at that price.

My service was bought by Comcast so I am now one of their subscribers. First they sent a letter with a broken CD that said run the CD by the end of the year or lose internet access. I got this in the mail as I was leaving for Christmas vacation and wasn't going to be back until January. No explanation of what was on the CD or the settings that need to be changed for email and whatever else. I also received a new email address that I will never remember. And when I got back, I got a letter informing me that due to all the new services (I'm not sure what those are) my rates are going up!

And now this? If they call me about my router (unless the kittens are surfing while I'm at work, I'm the only one that uses the access), I need to find another provider. Anybody have any recommendations for a provider in the Detroit area?

The fool part about things like this is that no one ever tries to think logically about it. Every user that gets slapped by this is going to be one less client (if DSL is available) for them. The fewer clients they have, the less money they make to make up for bandwidth costs. The less money they have, the more draconian they become. They should really think about tacking on an extra five dollars a month and start advertising that they ALLOW people to set up servers. As long as they have honest pricing and limit bandwidth accordingly, they won't eventually go under.

Comcast Guy #1 We need to get computers off the network that are stealing our bandwidth!

Comcast Guy #2 Gee, guy 1, How are we gonna go about doing that?

Comcast Guy #3 Hmm. Ok, I have an idea. Let's make up a story and post it to Slashdot, we'll tell them we are going to find them out, they are all evil bandwidth stealers, they will wonder how we are going to go about doing this, and in the process they will tell us EXACTLY what to do to find them out. Good thing for them or we'd have no clue whatsoever. Now we can spend more time making useless content that we can charge them money for.

What if I only have one computer online at a time? I go to work every day, but my wife works from home. Sometimes she's online on her Mac, other times on her PC. When I come home, she's watching TV while I'm on my linux box. How is that a problem?

Wonder what they'll say when they see Linux and Windows traffic coming from my ip at different times. Technically I'm only ever using one at a time, they can suck a bag of if they think I'm paying for two ip's when only one machine can be running at a time. And if they are going to start enforcing this, they can give me back my damn static ip. Guess I'll be switching to DSL soon too.

At what point do these ISPs stop being 'Internet Providers', and start becoming 'Web Page Providers'? As early as a year ago, an 'Internet Connection' meant that my computer could talk to any other computer that is also on an 'Internet Connection.' Nowadays, though, ISP's are playing games with blocking off what you can do with this connection. It seems like companies like ATTBI really only want to provide you the ability to do what Internet Explorer allows you to do. Anything beyond that and they try to nix it.

They don't want me doing P2P, they don't want me to play games, they don't want me to have more than one computer hooked up, and they don't want me going wireless. How much more can they block off before it's no longer really an Internet Connection?

It seems to me that if they are going to behave this way, then they shouldn't be considered Internet Service Providers anymore. They're not! You can't call it an ISP if they're telling you you can't do the things that make the Internet the Internet. I have two computers on the net at home. One I use just as an email terminal (very low bandwidth), and the other is where I go cruising the web and do IM etc. Until they tell me that I can only use so much bandwidth, they have no business telling me I can't use more than one computer. They advertise "unlimited bandwidth, 24-7", and then they play these silly games with me. It really makes me want to sue for false advertising.

I got pretty fired up when I read the introduction to this story. Before I got to the end, I had decided that I would switch to DSL if Comcast came-a-knocking, even though DSL is more expensive in my area.

However, I read the linked article and my Comcast agreement.

I doubt most people here have done either.

The effort is clearly aimed at people who are sharing their connections outside their homes. The article even has a diagram showing multiple homes. Take a look at this excerpt:

If you have a problem with trying to stop this type of activity, then you also probably think it would be OK to run phone line from your house to your neighbor's house, since you "pay for the bandwidth and can do whatever you wish with it." You would probably think it's OK to run Cat 5 or fiber all over your neighborhood too.

If Comcast tries to make me pay extra for having three networked computers, I'll be as angry as the next geek. But sheez, let's tone down the hype until that actually happens.

If you have a problem with trying to stop this type of activity, then you also probably think it would be OK to run phone line from your house to your neighbor's house, since you "pay for the bandwidth and can do whatever you wish with it."

Maybe I'm missing something, but what's wrong with sharing my phone line with my neighbors? Assuming my neighbor splits the phone bill, I get a smaller phone bill in exchange for the hassle of having to share the line. And working out the long distance calls would likely be a pain. Hmm, thinking about it, it sounds a lot like what happened when I was sharing an apartment. What's the difference if the person I'm sharing with lives next door or in the next bedroom?

(There may be a law of some sort against it, but I don't see any sort of ethical problems with such a situation.)

When do I own a packet?
After I request it?
When the media it travels down is owned by me?
When it hits my computer and the TCP/IP stack does something with it?
When I sign my service agreement?

I guess comcast thinks they always own the packet.

For about the last year I've been sharing my network with my neighbors, we all own our houses, and have given each other "right of way" to run cat5 stapled to the fence into each other's houses. What started out as a simple 1 wire connection has grown to over 24 pairs of copper (i.e. 6 lines)

Each neighbor prepays 6 months in advance, 10 dollars a month. With this money I've managed to get the bandwidth up to 1.5down and 512up. Their kids can download on napster all day long and it still won't lag my gaming connection. Not only do I share an internet connection with them, but my fileserver as well. We have a central repository for music, a phpnuke based site for updates on the network status.

Our equipment is pretty nice too, everyone has intel pro100 management cards. Our main nat server used to be a linkcyst router, but it has evolved into a k62-300 running bbiagent. (nifty little firewall on disk, bbiagent.net)

So the question of when do I own the packet comes up again.

We don't have a class C subnet, we're all using nat on the 192.168.x.x range. I thought that range was set aside as a non routable "private" network. Private as in mine, err I should say our co-op. It doesn't belong nor resemble our providers network in any way shape or form. We maintain it, upgrade it, support it, etc.

It's really a pity that all these ISP execs get paid so much money. That 10million a year spent for 1 CEO could buy a cheaper CEO for about 250k, and enough techs to upgrade the existing infrastructure.

Take for example, the DSL I use now. It runs on POTS telephone service, which has not seen any significant change since Alexander Bell said "hello" 100 years ago. Basically whenever you make a phone call, the line between you and the person on the other end is a complete circuit. The best analogy I can make is this would be like taking a trip from LA to Chicago, with all the freeways empty except for your car during the duration of your trip. It's a complete waste of resources.

Now imagine if this infrastructure was upgraded to packet switched networks. Bandwidth would become cheaper because circuits could be multiplexed, allowing many cars on the road at the same time.

With Comcast, I would guess that 90% of their bandwidth on the wire is being sucked away by their old infrastructure (analogue video). You can see what a waste this is because you can only fit maybe 40 or so channels on the analogue wave. On the other hand, they have this newfangled digital cable, which uses just 1 or 2 channels of the original analogue, but because it is a packet based network, it's better utilization of the bandwidth and they can fit 100-200 channels where they used to only be able to fit one.

On top of that, there is IPV6

This is really turning into a long rant.

I just don't see Comcast's justification for eradicating NAT from their network. If they want to control what kind of network I have at home, they can run the cable, and buy my hardware. Hunting down people that just want to share an internet connection is bullshit (pardon my french) and is just another way of deflecting from the REAL problem which is people are starting to wake up to the fact that what they have perceived for years as good internet service is not the truth. I think it's about time people stopped accepting what the providers try and shleff off as good service and start demanding that they upgrade their networks to handle the load, instead of taking it out on the customers that underwrite their service.

I've had a cable modem since 1998 back when I don't think anyone had heard of "NAT" and wireless ethernet for the home didn't even exist. My roommates and I were one of the early customers of MediaOne, back before they merged with Road Runner and before they were bought by AT&T. We paid 40 bucks a month for our connection and, like most other cable services, our bandwidth was decent but it was shared with those who live in the same neighborhood as you. Now, between myself and my 2 roommates we had 10 computers between us.

There weren't any NAT boxes available, so we did it the old fashioned way - we used a 486 put together from spare parts running Linux with IP Masquerading installed. ("IP Masquerading" is what NAT was called back then.) All of our computers were hooked up to this box - and MediaOne only saw one computer on their network. Our setup worked well and we didn't feel like we were stealing - in fact we believed we were helping relieve the growing shortage of IP addresses.

If cable and DSL providers want to restrict the number of computers connected to a single modem, they need to be more clear about what they are selling. Are they selling IP addresses? If so, I only want one IP address, thank you. Are they selling bandwidth? Well, if they are, give me a monthly bandwidth cap because despite the fact we have nearly a dozen computers we didn't use anywhere near as much bandwidth as the kid next door with one computer who downloaded pr0n 24-hours a day.

And finally, if they are charging for just having the connection itself then don't complain about how many computers are connected. Does the phone company care how many phones are connected to a single line? You may argue that a single phone line will only let you have one call going at one time. Well, the same is true of cable and DSL services. Anyway you look at it, there is only one packet being transmitted through the DSL or cable modem at any given time. This is very different from stealing cable television where you can watch multiple channels at the same time on different TVs.

Given all of this, the only thing that the cable and DSL providers can do is limit the bandwidth on a connection. If they did that then "Bob" wouldn't be as willing to share his bandwidth with his neighbors because it would either mean additional fees or slower access for himself. He should have the right to "timeshare" his connection anyway he wants. Just like if I were to let my neighbors watch my cable TV while I'm not home or if I deleted my copy of Quake and lent the CD to a friend.

Besides, even if something like CAT is implemented, clever Linux users will still be able to customize their own little firewall/router to bypass this and this "problem" will still exist.

If you feel like your ISP is dicking you around, the only real solution is to fire them. They exist to serve your needs, not to control your life. Write them a letter telling them why you are cancelling your service, and tell them what changes it would take in order for you to reconsider them as an ISP.

Trying to "fool" your ISP with clever stealth-NAT schemes is lots of fun and all, but it does nothing to change the status quo of companies thinking that they can dictate how their customers should use the Internet.

Yes, I realize that some of you have no alternative. If that is the case, it is of course up to you whether you want to drop back to dial-up service, or continue to get dicked around.

If I get a response soon, I'll post it, but I've basically come straight out and told them the truth. How they react will be a judgement of their character as a company

I chose ComCast for 1 reason: I could get billing for cable and internet from one company. If they wish to deny me that, I'll simply switch to satellite TV and DSL modem, and they lose my business entirely ($100/month for them right now).

I don't see anyone else saying this: I think we should all say a big THANK YOU and WELL DONE to the friend who resigned his job over this - especially in today's economic climate. This sort of courage, to put one's own neck on the line over a principle, is sadly lacking amongst most of us. Well done, and best of luck finding another job with a more ethical employer.

I have a friend who uses a router with comcast. This concerned him enough to call them (in hopes of making a righteous big-stink!). They said there is NO problem with someone using a router (and using multiple computers).
The only (not so) negative thing the tech said was "we offer multiple IP's; if you don't want to buy a router".
This went down in SE PA.

The cable companies are trying to achieve the same benefits that OS software companies enjoy. Just like you can't install one copy of Windows on multiple computers (legally anyways), the cable companies don't want you using more than one computer on the network at the same time. Does it increase the amount of bandwidth? Unlikely. Websurfing and gaming uses such a minuscule amount of bandwidth that even additional computers don't significantly add to the load, and any warez junkie will far outweigh the load that a multi-user network adds.

The point is, they want to be able to charge extra for multiple computers. Of COURSE there are technical ways to get around this, but those don't provide the cable company with extra revenue.

You say it doesn't cost the cable company any extra for you to host multiple computers on a single connection. This is true. It's also true that installing one copy of Windows onto more than one computer doesn't cost Microsoft more. But it deprives them of revenue they would have if you were legal. The cable company sees this the same way.

If it's in the user agreement, and you signed on knowing this, you have nobody to blame but yourself. And cable companies are in a better position than Microsoft in this regard. Chances are, you probably signed an actual contract, not some EULA that you blindly clicked through without reading. You don't have to use them. Use a competitor. Vote with your wallet.

And now, you're going to tell me there ARE no other options. They're the only broadband provider in your area. Well, guess what. There are places that don't even have ONE broadband option. You at least HAVE a choice. Accept it, start an alternative service on your own, move somewhere there are more (or better) options, or keep cheating and hope you don't get away with it.

Personally, I don't get into this argument. The service I have allows me 16 static ip's and allows me to resell the bandwidth if I want. But I also pay for it, probably a lot more than you're paying. I could probably get away with far less, but I actually prefer the idea of having a service that I know is unrestricted. If you buy a service that comes with restrictions, you better make sure you can live with those restrictions before you sign your name and start paying for it.

While I don't work on the phones (my job is to keep the client machines that tech support personnel use for logging calls running) I do end up listening to quite a few calls in that account. In fact I was listening to a call today, where a gentleman was trying to get his Linksys four-port NAT-enabled router working with Comcast's service. Not only did the tech not mention anything about not supporting NAT, but the tech support agent helped him set up the router, made it work with one machine, waited while this gentleman went to his other machine, and helped him ensure that his tcp/ip settings were correct. He was using the 192.168 network locally.
Hmmm maybe we're just slow to get the news?

All the fees for my telephone service and
my DSL connection cost me somewhere in the ballpark
of $2400.00 per year. For that amount, I get
two phone lines, a fairly decent voicemail package
plus all the add-on services that Qwest sells
(caller-id and so forth), a 1.5/1.5 Mbit ADSL
connection, a /27 routed to me with proper DNS,
a Cisco 678, webspace, mail addresses, nntp access,
yadda yadda, from a clueful ISP that provides
connectivity and not bullshit.

People keep going on and on and on about how MSN
this and AOL/TW that and now Comcast the other thing.

In my WAY NOT humble opinion, when you go for the
cheap option, you're going to get treated like a
commodity consumer, NOT like a customer. If you
are unfortunate enough to live in an area which is
not well-served by competing broadband providers, well,
you have my sympathies. There are downsides to the
area where I live as well. But if you do have a choice,
and you've gone with the lowest priced option when
better though more expensive alternatives are available,
you should stop complaining, and take responsibility
for the consequences of your decisions.

Everyone seems to be making some great points that have sparked a few questions:

What if I only have one computer but decide to put it behind a NAT box? Will a service tech have to come by my house to verify this?

What about the whole new wave of broadband capable consumer devices like component MP3\MPEG-4 players that can stream internet radio? Would I have to pay $N more for each device I purchase?

You can't argue against installing a firewall for security reasons. And it's much easier to drop a specially made hardware component in than configure your OP system to do it. My grandmother could install a Linksys router, but will never be able to truly configure a firewall. This would seem like they are disallowing easy\basic ways of safeguarding yourself.

I have six machines behind my NAT box. Each is configured to triple-boot with Solaris, Windows or Linux so I can test different network environments and combinations. That's a total of 18 static IPs assigned inside the LAN and potentially 18 different outgoing browser headers. I am a single guy in a one room apartment who actually downloads very little. I am also crazy and have vastly different browsing habits during different parts of the day. How do you suggest I be charged?

If they really want to do this right they're going to have to packet sniff. That means they'll be able to tell when (and what) you're IMing, FTPing, browsing, and they'll know any clear-text passwords you happen to use. I do not trust Comcast with this information.

Ok, new list with some other points:

Running a proxy to mask your traffic is fine, but only for applications that support a proxy.

When I picked up my home install kit the guy stated NAT boxes were fine.

I didn't sign up to have an "internet desk", I signed up to have an "internet house". As in, one day I will have that wireless webpad on my couch.

If I'm being pulled into an "oversubscription" model, it's not my fault. I.E. - I'm being given a ton of bandwidth, but they don't expect me to use it, and when I do I don't think I should be punished.

I've been a Comcast customer for some time and have had relatively no problems with them to date. I am a little concerned that since my IP changed on the 22nd (our area's cutover) I'm unable to ping it from work. Something to do tonight I guess.

They must have done some kind of analysis where they estimate the cost of customers walking away vs. the enhanced revenue from additional fees. Given the robust sales of NAT devices, I think their analysis is way off. Then again, maybe this whole thing is a "troll for data" operation where you broadcast your intentions to see how much resistance there really is.

I remember the old days when @Home assigned one static IP per household, with no provision whatsoever for additional addresses. The tech. staff would say "There is a way to connect multiple computers, but we don't support it.", meaning "Set up Linux IP Masquerade -- we don't care, just don't ask us to fix it."

Of course the real problem with NAT is the 802.11b Wifi dilemma. In an apartment scenario, a single broadband subscriber can share with many neighbors, especially if they are light users (the kind the ISPs covet the most). I guess Comcast has figured this out and views it as a doomsday scenario.

The proper way to kill the anti-NAT practices is to see which ISP takes the lead and then boycott them into bankruptcy. After all, the service is not very useful without NAT, so walking away is not just the morally correct thing to do, it's almost a necessity anyway.

I repeat: this is RUMOUR. Why is it on Slashdot? This is not responsible journalism.

But, since everyone else seems to be hopping on the bandwagon taking this as fact I'll chime in anyways.

The solution is to play it smart and don't ever ever tell tech support you're using more than one computer. If they accuse you of using more than one, deny it. They're going to have fun proving that one.

Adelphia Powerlink flipped their freaking lid when the guy was trying to troubleshoot my connection by pinging it and I told him I'd gotten his ping.

"How do you know that? It's coming up as host unreachable here."
"Yeah I know I'm running a firewall on my machine."
"What?! You're not allowed to use a firewall on our network!"
"Uhm, why not? Oh maybe I should turn it off so all these people trying to DoS me can mess up your network a little more?"

So remember, when calling tech support:
1) You are using 1 computer.
2) You are using Windows.
3) Never mention the words: firewall, router, linux, server. They are verboten.

Always "follow" their absurd troubleshooting suggestions no matter how stupid they sound. Hey.. sometimes they do work, but otherwise just take what they tell you and translate the steps into your OS of choice. Or if you already tried it give them the answer they're looking for.

I believe that this so called department at comcast that enforces the AUP is a bunch of HOO-HA. All these people do all day is port scan users all day long looking for open socks servers. And when they find one they send a pre-formed 'assertive but peaceful' letter explaining that the user is violating the AUP and to stop pretty please. Just like when the cable TV portion of the company comes to your house to install or repair something. After they do the repairs, the tech will take you downstairs, show you the splitters that he had to disconnect because it violates their service agreement, and then he shows you how to reconnect them after he's gone. He doesn't care, and the cable company doesn't really care because they know that when push comes to shove, if they start disconnecting people for using more than 1 TV, or computer in their house, they'll end up losing in court, just like the telephone companies did in the 70's or 80's or whenever. If you pay for a certain amount of bandwidth to your household, once inside your household, what you do with that bandwidth is your business and yours alone.
In St. Louis, there is actually a company that offers to configure your broadband connection (cable, dsl, etc..) for NAT and firewalls, etc. They're called "The Digital Closet" I WILL LOCATE URL 4 U.. http://www.thedigitalcloset.com/ oh god their website sucks.. but it exists i guess.
If all else fails and someone calls you threatening you with a disconnect.. just pretend to be a confused old man or woman, and say that your young trial lawyer grandson set-up your LAN. If that doesn't scare them, then use the method where you fall down on the ground and soil yourself and shake violently. That will work too.

In Japan this happened with the government-run NHK which is two terrestrial and some satellite TV channels. NHK is the channel you go to when there is a big bumpy earthquake or a typhoon, and sometimes they have not so dry kind of interesting stuff too.

So NHK got the government to let them go door to door demanding cash from people all across the country, since people are watching their channels with no commercials on them, which means they must owe them something. Just started a couple years ago after many many years of free government TV.

The idea is if you pay, you get a shiny sticker which you post on your house, one a year. Of course everybody and his or her brother says to their question "Do you watch TV?", "Yeah! But I never watch NHK." Which is possible but difficult because you scan through two of their channels to hit the other five or so you get in Tokyo anyway.

When's the last time this happened? Not for a long time, then they showed up on 9-11 or within a day or so of it I remember. I best remember of course my intense anger (from the New York area doncha know) and I got really pissed off at the person who came to the door.

They went off never getting it, you know, that they could have been in the wrong. Even if technically they might not have been, though of course I never watch NHK intentionally now except when there is a typhoon or an earthquake.

Maybe Comcast could be reduced to a more pathetic lifeform like NHK, which also happens to be made of some quite corrupt and very nasty people at the top. Lucky they don't have spyware for the tv, yet.

Subscriber Agreement
This Agreement (the "Agreement") sets forth the terms and conditions pursuant to which CoxCom, Inc., together with any applicable Cox affiliate and/or distribution partner (collectively "CoxCom") will provide the Cox High Speed Internet service (the "Service") to the customer ("Customer") referenced on such order form. Such Service will be delivered over cable transmission facilities provided by CoxCom.

CoxCom may modify this Agreement, and the Service provided hereunder, at any time. CoxCom will notify Customer of any such changes by posting notice of such changes at http://www.cox.com/ and sending notice via e-mail. Customer's continued use of the Service following notice of such change shall be deemed to be Customer's acceptance of any such modification. If Customer does not agree to any such modification, Customer must immediately stop using the Service and notify CoxCom that Customer is terminating this Agreement in accordance with Section 12(a) of this Agreement.

1. Computer Equipment Requirement
Customer's computer equipment must comply with CoxCom's current minimum computer requirements, which are available at http://www.cox.com/. The minimum computer requirements may change and CoxCom will make reasonable efforts to support previously acceptable configurations; however, CoxCom is not obligated to continue to provide such support.

2. Customer Premises Equipment ("Equipment")
Customer may rent or purchase a cable modem from CoxCom or may purchase a DOCSIS-compliant, CoxCom-approved cable modem from a third party provider. CoxCom reserves the right to provide service only to users who have CoxCom-approved DOCSIS-compliant modems. Subscribers are strongly urged to check with local CoxCom Customer Support or online at http://www.cox.com/ for the most current CoxCom-approved cable modem list.

3. Access Provided
The Service will allow Customers to access the Internet, online services and other information. Customer may incur charges, including, without limitation, charges relating to the purchase of "premium" services, such as additional web space, unified messaging, online faxing, business class services, or access to certain gaming sites in addition to those billed by CoxCom. All such charges, including all applicable taxes, are the sole responsibility of Customer.

4. Payment Terms

a. Agreement to Pay. Customer agrees to pay all monthly fees and installation charges, including applicable franchise fees, taxes, customer service fees, late fees and door collection fees. Monthly fees will be billed one month in advance. If payment is not received by the due date, late fees and/or collection charges may be assessed and the Service may be terminated. Customer may be required to pay a reconnect fee and/or a security deposit in addition to all past due charges before the Service is reconnected.

b. Payment Methods. Customer agrees to pay CoxCom in accordance with the payment terms on the back of the invoice received by Customer for the Service and agrees that CoxCom has the right to change the structure and amount of its fees at any time subject to applicable law.

5. Access to Customer's Premises
Customer authorizes CoxCom, and its employees, agents, contractors, and representatives to enter Customer's premises (the "Premises") at mutually agreed upon times in order to install, maintain, inspect, repair and remove any CoxCom-owned Equipment and/or the Service. If Customer is not the owner of the Premises, upon request, Customer will supply CoxCom with the owner's name and address, evidence that Customer is authorized to grant access to the Premises on the owner's behalf, and (if needed) written consent from the owner of the Premises.

6. Relocating/Removing Equipment
Customer will not remove any CoxCom-owned Equipment from the Premises or connect the Equipment to any outlet other than the outlet to which the Equipment was initially connected by the CoxCom installer. CoxCom may relocate the Equipment for Customer within the Premises at the Customer's request for an additional charge. If Customer relocates to a new address, this Agreement shall automatically terminate and Customer will be required to enter into a new Subscriber Agreement and may be charged a new installation fee to initiate Service. Customer will not connect any equipment, other than Equipment authorized by CoxCom, to the cable modem outlet. Customer understands that failure to comply with this restriction may cause damage to the CoxCom network and subject Customer to liability for damages and/or criminal prosecution.

7. Contact Address
For any inquiries or notices required in connection with this Agreement, Customer should contact the local CoxCom customer service center, at the address or phone number listed on Customer's bill.

8. Acceptable Use Policy
Customer agrees to use the Services only in accordance with the Acceptable Use Policy currently located at http://www.cox.com/, which may be modified by CoxCom from time to time, and which are incorporated herein and made a part of this Agreement.

9. Monitoring and Enforcement
CoxCom has no obligation to monitor the content on the Service and expressly disclaims any responsibility for any offense or injury arising out of the Customer's access to or dissemination of such content. However, Customer agrees that CoxCom has the right to monitor the Services and to disclose any information as necessary to satisfy any law, regulation or other governmental request to operate the Service properly, or to protect itself or its subscribers. CoxCom reserves the right to refuse to post or to remove from the Service any information or materials that, in its sole discretion, are inappropriate, undesirable, or in violation of this Agreement.

To promote good citizenship within the Internet community, CoxCom will respond appropriately if it becomes aware of inappropriate use of its Services. CoxCom prefers to advise Customers of inappropriate behavior and any necessary corrective action required. However, if the Services are used in a way in which CoxCom, in its sole discretion, believes violates this Subscriber Agreement, including the Acceptable Use Policy, CoxCom may take any responsive actions it deems appropriate. Such actions include, but are not limited to, temporary or permanent removal of content, cancellation of newsgroup posts, filtering of Internet transmissions, and the immediate suspension or termination of all or any portion of the Service. CoxCom will have no liability for any such actions. The above described actions are not CoxCom's exclusive remedies and CoxCom may take any other legal or technical action it deems appropriate.

By using the Services to publish, transmit or distribute content, Customer is warranting that the content complies with this Agreement, including the Acceptable Use Policy. Customer also authorizes CoxCom to reproduce, publish, distribute, and display the content worldwide only as necessary for CoxCom to provide the Services. The publication, transmission, or distribution of Customer content pursuant to our providing the Services shall not provide CoxCom any ownership rights or license to use that content for any purpose other than allowing CoxCom to provide the Services.

10. Customer Information

a. Credit Inquiries. Customer authorizes CoxCom to make inquiries and to receive information about Customer's credit history from others and to enter this information in Customer's file.

b. Information Collection and Disclosure. Customer agrees that CoxCom may collect and disclose information concerning Customer and Customer's use of the Service in the manner and for the purposes set forth in CoxCom's privacy policy currently available at http://www.cox.com/, and as the same may be modified from time to time in accordance with its terms.

11. Customer Service
CoxCom expressly reserves the right to institute fees for providing certain customer support services if, at its sole discretion, it determines such fees are warranted. Except as expressly provided herein, CoxCom shall not be liable for any damage to Customer's equipment resulting from or arising in connection with its provision of technical service and support for the Service, even if such damage results from the negligence or gross negligence of the CoxCom installer, technician or customer service representative.

12. Terminations and Expiration

a. Termination Rights. Either party may terminate this Agreement at any time without cause by providing the other party with no less than twenty-four (24) hours written notice of such termination. In the event of termination by Customer, Customer must notify CoxCom by telephone or by a non-electronic written submission. E-mail submissions shall not constitute effective notice. In the event of termination by CoxCom, CoxCom may notify the Customer of such termination by electronic or other means. In those cases where annual prepayment terms are elected by Customer, Customer agrees and understands that the calculation of any refund for unused Service will be based upon the normal rate for the Service and not upon the discounted annual prepayment rate.

b. Obligations Upon Termination. Customer agrees that upon termination of this Agreement:

1. Customer will pay CoxCom in full for Customer's use of any CoxCom-owned Equipment and Service up to the later of the effective date of termination of this Agreement or the date on which the Service and any CoxCom-owned Equipment have been disconnected and returned to CoxCom. Customer agrees to pay CoxCom on a pro-rated basis for any use by Customer of any CoxCom-owned Equipment or Services for a part of a month.

2. Customer will permit CoxCom to access Customer's premises at a reasonable time to remove any CoxCom-owned Equipment and other material provided by CoxCom.

3. Customer will ensure the immediate return of any CoxCom-owned Equipment to CoxCom. Customer will return or destroy all copies of any software provided to Customer pursuant to this Agreement.

4. CoxCom is authorized to delete any files, programs, data and e-mail messages associated with such account.

c. CoxCom Retention Rights. Nothing contained in this Agreement shall be construed to limit CoxCom's rights and remedies available at law or in equity.

13. Limited Warranty
ANY COXCOM-OWNED EQUIPMENT AND SERVICE ARE PROVIDED BY COXCOM "AS IS" WITHOUT WARRANTY OF ANY KIND. COXCOM DOES NOT WARRANT UNINTERRUPTED USE OF THE EQUIPMENT OR THE SERVICE. COXCOM DOES NOT WARRANT THAT ANY DATA OR ANY FILES SENT BY OR TO CUSTOMER WILL BE TRANSMITTED IN UNCORRUPTED FORM OR WITHIN A REASONABLE PERIOD OF TIME. ALL REPRESENTATIONS AND WARRANTIES OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING, WITHOUT LIMITATION, ANY WARRANTIES OF NONINFRINGEMENT, FITNESS FOR A PARTICULAR PURPOSE AND MERCHANTABILITY ARE HEREBY EXCLUDED AND DISCLAIMED. Some states do not allow the exclusion or limitation of implied warranties, so the above exclusions or limitations may not apply to you.

14. Back-Up Requirements
Customer agrees that he/she understands that the installation, use, inspection, maintenance, repair and removal of the Equipment may result in service outages or potential damage to Customer's computer. Customer therefore accepts full responsibility for backing up all existing computer files prior to such activities involving the Equipment. Customer expressly releases CoxCom from any liability whatsoever for any damage to or loss or destruction of any of Customer's software, files, data or peripherals.

15. CoxCom Performance and Reliability Rights
Although CoxCom will make commercially reasonable efforts to deliver a high quality residential Internet access service, unless otherwise specified by CoxCom in writing, Customer is purchasing a residential data service with no performance or reliability warranty either expressed or implied. CoxCom reserves the right to manage its network for the greatest benefit of the greatest number of subscribers including, but not limited to the following: rate limiting, traffic prioritization, and protocol filtering. Customer expressly accepts that such action on the part of CoxCom may affect the performance of the service. CoxCom reserves the right to enforce limits on specific features of the Service, including, but not limited to, e-mail storage and web hosting maximums.

16. Damage to and Encumbrances on Equipment, Computer, Software

a. Ownership of Equipment. All Equipment, except for equipment purchased and paid for in full by Customer, will at all times remain the property of CoxCom. Customer may not sell, transfer, lease, encumber or assign all or part of the CoxCom-owned Equipment to any third party. Customer shall pay the full retail cost for the repair or replacement of any lost, stolen, unreturned, damaged, sold, transferred, leased, encumbered or assigned Equipment or part thereof, together with any costs incurred by CoxCom in obtaining or attempting to obtain possession of any such Equipment. Customer hereby authorizes CoxCom to charge Customer's Visa, Master Card, other credit card or other payment method authorized by Customer for any outstanding Service and Equipment charges. CoxCom may, at its option, install new or reconditioned Equipment, including swapping existing Customer equipment for DOCSIS-compliant equipment, for which the Customer may incur a fee.

b. Customer's Hardware and Software. Should the hardware of Customer's computer be damaged as a result of the gross negligence of CoxCom or the gross negligence of an authorized agent of CoxCom, CoxCom will pay for the repair or replacement of the damaged parts up to a maximum of $3,000.00. CoxCom shall have no liability whatsoever for any damage to or loss or destruction of any software, files or data, including any damages or losses resulting from any virus, lock, key, bomb, worm, Trojan horse, or other harmful feature.

17. No Liability for Content
There may be content on the Internet or otherwise available through the Service that may be offensive to some individuals, or that may not be in compliance with all laws, regulations, and other rules. CoxCom assumes no responsibility for the content contained on the Internet or otherwise available through the Service. All content accessed by Customer through the Service is accessed and used by Customer at Customer's own risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to access to such content by Customer. CoxCom specifically disclaims any responsibility for the accuracy, quality and confidentiality of information obtained through the Service.

18. No CoxCom Liability For

a. Eavesdropping. Other cable and Service subscribers may be able to access and/or monitor Customer's use of the Service. The risk of such "eavesdropping" exists not only with cable transmission facilities, but also on the Internet and other services to which access is provided by CoxCom as part of the Service. Any sensitive or confidential information (such as credit card numbers or other financial information, medical information or trade secrets) sent by or to Customer is sent at Customer's sole risk, and CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings arising out of or otherwise relating to such actions by Customer.

b. Security. Customer agrees that when using the Service to access the Internet or any other online service, there are certain applications, such as FTP, HTTP, proxy, peer-to-peer based applications, or gateway server applications, which may be used to allow other Service users and Internet users to gain access to Customer's computer. CoxCom shall have no liability whatsoever for any claims, losses, actions, damages, suits or proceedings resulting from, arising out of or otherwise relating to the use of such applications by Customer, including, without limitation, damages resulting from others accessing Customer's computer or from any loss of data maintained on any network.

19. Limitation of Liability
Customer agrees to indemnify CoxCom from any claims arising from Customer's use of the Service, including the use of the Equipment or the Service in any manner prohibited under this Agreement. Unless otherwise specifically provided in this Agreement, CoxCom shall not be liable to Customer or to any third party for any claims, damages, losses, liabilities, expenses, or costs (including legal fees) resulting directly or indirectly out of or otherwise arising in connection with any allegation, claim, or proceeding based on:

a. The use of the Service by Customer or any other use of the Equipment, including, without limitation, any damage resulting from or arising out of Customer's reliance on or use of the Equipment or Service, or mistakes, omissions, interruptions, deletion of files, errors, defects, delays in operation, failed deliveries, misdeliveries, transmission failures, or any other failures of performance whether from a failure of the Equipment or Service or from any other computer or network;

b. The termination or reclassification of Customer's account by CoxCom pursuant to this Agreement;

c. A contention that the use of the Equipment or Service by Customer or a third party infringes the copyright, patent, trademark, trade secret, confidentiality, privacy, or other intellectual property rights or contractual rights of any third party;

d. In no event shall CoxCom have any liability for any consequential, special, incidental, or indirect losses or damages, including lost profits, loss of data, lost business opportunities, and personal injuries (including death). The limitations set forth in this Section 20 apply to the acts, omissions, negligence and gross negligence of CoxCom, and each of its respective affiliates, subcontractors, employees and agents, which, but for this provision, would give rise to a cause of action in contract, tort or any other legal doctrine; and

e. Customer's sole and exclusive remedies under this Agreement are as expressly set forth herein. Some states do not allow the limitation or exclusion of incidental or consequential damages, so such limitations or exclusions may not apply to you.

20. Installation/End User Software Licenses

a. If the installation of an Ethernet card is required, it may be necessary to open Customer's computer. System files on Customer's computer may be modified as part of the installation process. CoxCom neither represents, warrants, nor covenants that such modifications will not disrupt the normal operations of Customer's computer. CoxCom shall have no liability whatsoever for any damage resulting from the above or other file modifications. CoxCom is not responsible for returning Customer's PC to its original configuration prior to installation.

b. CoxCom or its agents will supply and install certain software, and if required an extra cable outlet, a cable modem and an Ethernet card for a fee determined by CoxCom. CoxCom will also provide a "getting started guide" and online instructions on how to use the Service. CoxCom shall use reasonable efforts to install the Service to full operational status, provided that Customer's computer fulfills the minimum computer requirements set out above in Section 1.

c. Customer agrees to comply with the terms and conditions of all end user license agreements accompanying any software or plug-ins to such software distributed by CoxCom in connection with the Service. All end-user software licenses shall terminate upon termination of this Agreement.

d. Customer may transfer the software provided by CoxCom to additional computers within the home, but service and support for these additional machines is limited and/or may incur an additional fee. Customer agrees that CoxCom has no responsibility to provide service and support for in-home networks. If Customer intends to transfer the software, Customer must give CoxCom prior notice of such transfer.

21. Multiple Users
Customer agrees that Customer is executing this Agreement on behalf of all persons who use the Equipment and/or Service provided to Customer. Customer shall have sole responsibility for ensuring that all such other users understand and comply with the terms and conditions of this Agreement. Customer further agrees that Customer is solely responsible and liable for any and all breaches of the terms and conditions of this Agreement, whether such breach is the result of use of the Service and/or Equipment by Customer or by any other user of Customer's computer.

22. Governing Law
This Agreement shall be exclusively governed by, and construed in accordance with, the laws of the State of Georgia. Customer may not bring any claim, suit or proceeding more than one (1) year after the date the cause of action arose.

23. General
This Agreement constitutes the entire agreement and understanding between the parties with respect to its subject matter and supersedes and replaces any and all prior written or oral agreements. In the event that any portion of this Agreement is held to be unenforceable, the unenforceable portion shall be construed in accordance with applicable law as nearly as possible to reflect the original intentions of the parties and the remainder of its provisions shall remain in full force and effect. CoxCom's failure to insist upon or enforce strict performance of any provision of this Agreement shall not be construed as a waiver of any provision or right. Neither the course of conduct between the parties nor trade practice shall act to modify any provision of this Agreement. This Agreement may not be assigned or transferred by Customer. This Agreement is freely assignable by CoxCom to third parties.

Acceptable Use Policy

CoxCom, Inc. and any Cox affiliate and/or distribution partner referenced on the order form/Subscriber Agreement (collectively "CoxCom") provides a variety of Internet services that allow Customers to connect to CoxCom's high-speed Internet network ("Services"). In order to provide Customers with high quality Service, CoxCom has adopted this Acceptable Use Policy ("Policy") for CoxCom Customers. Please read this policy prior to accessing the CoxCom Services. By using CoxCom Services, CoxCom Customers agree to abide by, and require others using the Services to abide by, the terms of this Policy. CoxCom may revise this Policy from time to time without notice. Accordingly, CoxCom Customers should consult this document regularly to ensure that their activities conform to the most recent version. ANY USER WHO DOES NOT AGREE TO BE BOUND BY THESE TERMS SHOULD IMMEDIATELY STOP USE OF THE SERVICES AND NOTIFY THE COXCOM CUSTOMER SERVICE DEPARTMENT SO THAT THE USER'S ACCOUNT MAY BE CLOSED. For any questions regarding this Policy, complaints of violations, or cancellation notices please contact CoxCom via E-mail at abuse@cox.com, by mail to the cable system address listed on the Subscriber Agreement or by telephone to your local cable system office.

Prohibited Activities
CoxCom Customers may not use the Services in a manner that violates any applicable local, state, federal or international law, order or regulation. Additionally, CoxCom Customers may not use the Services to:

Conduct, participate in, or otherwise facilitate pyramid or other illegal soliciting schemes.
Take part in any fraudulent activities, including impersonating any person or entity or forging anyone else's digital or manual signature.
Invade another person's privacy, stalk or otherwise harass another.
Post, transmit, or disseminate content that is threatening, abusive, libelous, slanderous, defamatory, incites hatred, or is otherwise offensive or objectionable.
Restrict, inhibit, or otherwise interfere with the ability of any other person to use or enjoy the equipment or the Service, including, without limitation, posting or transmitting any information or software which contains a virus, lock, key, bomb, worm, Trojan horse or other harmful feature.
Collect or store personal data about other users.
Use an IP address or client ID not assigned to Customer.
Use the Services on more than a single computer, unless otherwise authorized by CoxCom.
Violate any other CoxCom policy or guideline.

Harm to Minors
CoxCom Customers may not use the Services to harm or attempt to harm a minor, including, but not limited to, by hosting, possessing, disseminating, or transmitting material that is unlawful, including child pornography or obscene material.

Intellectual Property Infringement
CoxCom Customers may not use the Services to post, copy, transmit, or disseminate any content that infringes the patents, copyrights, trade secrets, trademark, or propriety rights of any party. CoxCom assumes no responsibility, and CoxCom Customers assume all risks regarding the determination of whether material is in the public domain, or may otherwise be used by Customer for such purposes.

Copyright
If you believe that your work has been copied in a way that constitutes copyright infringement, please provide CoxCom's Copyright Agent the following information:

An electronic or physical signature of the person authorized to act on behalf of the owner of the copyright or other intellectual property interest;
A description of the copyrighted work or other intellectual property that you claim has been infringed;
A description of where the material that you claim is infringing is located on the site;
Your address, telephone number, and email address;
A statement by you that you have a good faith belief that the disputed use is not authorized by the copyright or intellectual property owner, its agent, or the law;
A statement by you, made under penalty of perjury, that the above information provided in your notice is accurate and that you are the copyright or intellectual property owner or authorized to act on the copyright or intellectual property owner's behalf.

CoxCom's Agent for Notice of claims of copyright or other intellectual property infringement can be reached as follows:

By mail: Cox Communications, Inc.
Attn: Wanda Moore
Leslie Spasser

1400 Lake Hearn Drive
Atlanta, GA 30319

By fax: Attn: Wanda Moore
Leslie Spasser

404-843-5845

By email: copyrightabuse@cox.com

User Content
CoxCom Customers are solely responsible for any information that they publish on the web or other Internet services. CoxCom Customers must ensure that the recipient of the content is appropriate and must take appropriate precautions to prevent minors from receiving inappropriate content. CoxCom reserves the right to refuse to post or to remove any information or materials from any CoxCom Service or system, in whole or in part, that it, in CoxCom's sole discretion, deems to be offensive, indecent, or otherwise inappropriate.

Commercial Use
The CoxCom residential Services are designed for personal use of the Internet and may not be used for commercial purposes. CoxCom Customers may not resell or otherwise charge others to use the residential Services. The residential Services are for personal use only. Customer agrees not to use the Service for operation as an Internet service provider, or for any other business enterprise, including, without limitation, virtual private network ("VPN") usage, IP address translation, or similar facilities intended to provide additional access.

Servers
CoxCom Customers may not operate, or allow others to operate, servers of any type or any other device, equipment, and/or software providing server like functionality in connection with the CoxCom residential service.

Misuse of Service
CoxCom Customers are responsible for any misuse of the Services, even if a friend, family member, guest, employee or customer committed the inappropriate activity with access to the CoxCom Customer account. CoxCom Customers must therefore take steps to ensure that others do not gain unauthorized access or misuse the Services.

Hacking/Attempted Unauthorized Access
CoxCom Customers may not use the Services to breach or attempt to breach the security of another user or attempt to gain access to any other person's computer, software, or data without the knowledge and consent of such person. The equipment and the Services may not be used in any attempt to circumvent the user authentication or security of any host, network or account. This includes, but is not limited to, accessing data not intended for Customer, logging into or making use of a server or account Customer is not expressly authorized to access, or probing the security of other networks or computers for any reason. Use or distribution of tools designed for compromising security, such as password guessing programs, cracking tools, packet sniffers or network probing tools, is prohibited.

Security
CoxCom Customers are solely responsible for the security of any device connected to the Services, including any data stored on that device. CoxCom recommends that users take appropriate security precautions for any systems connected to CoxCom Services.

Disruption of Services
CoxCom Customers may not disrupt the Services in any manner. Nor shall CoxCom Customers interfere with computer networking or telecommunications services to any user, host or network, including, without limitation, denial of service attacks, flooding of a network, overloading a service, improper seizing and abuse of operator privileges or attempts to "crash" a host.

Equipment
CoxCom Customers may not alter, modify or tamper with any CoxCom-owned equipment or service, or permit any other person to do the same that is not authorized by Cox.

Viruses, Trojan Horses, Worms and Denial of Service Attacks
Software or other content downloaded from the Service may contain viruses and it is Customer's sole responsibility to take appropriate precautions to protect Customer's computer from damage to its software, files and data. Customers are prohibited from posting, transmitting or disseminating any information or software that contains a virus, Trojan horse, worm or other harmful program or that generates levels of traffic sufficient to impede others' ability to send or retrieve information. Prohibited conduct of this type includes denial of service attacks or similarly disruptive transmissions, as well as transmissions containing other harmful or malicious features.

Electronic Mail
CoxCom Customers may not use the Services to send unsolicited bulk or commercial e-mail messages ("spam"). Any unsolicited e-mail must also not direct the recipient to any web site or other resource that uses the CoxCom Service. The Services may not be used to collect responses from unsolicited e-mail sent from accounts on other Internet hosts or e-mail services that violates this Policy or the acceptable use policy of any other Internet service provider. In addition, "mail bombing," the sending of numerous copies of the same or substantially similar messages or very large messages or files with the intent to disrupt a server or account, is prohibited.

You may not reference Cox, CoxCom or any portion of the Cox network (e.g. by including "Organization: Cox" in the header or by listing an IP address that belongs to the Cox network) in any unsolicited email even if that email is not sent through the Cox network. Further, forging, altering or removing electronic mail headers is prohibited.

Bandwidth, Data Storage and Other Limitations
CoxCom Customers must comply with the current bandwidth, data storage and other limitations on the Services. Customers must ensure that their activities do not improperly restrict, inhibit, or degrade any other user's use of the Services, nor represent (in the sole judgment of CoxCom) an unusually large burden on the network itself. In addition, Customers must ensure that their activity does not improperly restrict, inhibit, disrupt, degrade or impede CoxCom's ability to deliver the Services and monitor the Services, backbone, network nodes, and/or other network services. CoxCom may terminate, suspend, or require a Customer to upgrade its Services and pay additional fees if CoxCom, in its sole discretion, determines that a CoxCom Customer is using excessive bandwidth.

Newsgroups
Messages posted to newsgroups must comply with the written charters or FAQs for those newsgroups. Advertisements, solicitations, or other commercial messages should be posted only in those newsgroups whose charters or FAQs explicitly permit them. You are responsible for determining the policies of a given newsgroup before posting to it.

Posting or cross-posting the same or substantially similar messages to more than eight newsgroups is prohibited. Our news software will automatically cancel any messages posted to nine or more newsgroups.

Binary files may not be posted to newsgroups not specifically named for that purpose. Users posting binary files to groups with policies concerning the permissible daily volume of posted files are required to observe those limitations.

Forging, altering or removing header information is prohibited. This includes attempting to circumvent the approval process for posting to a moderated newsgroup.

CoxCom reserves the right to discontinue access to any Usenet newsgroup at any time for any reason.

You may not attempt to "flood" or disrupt Usenet newsgroups. Disruption is defined as posting a large number of messages to a newsgroup which contain no substantive content, to the extent that normal discussion in the group is significantly hindered. Examples of disruptive activities include, but are not limited to, posting multiple messages with no text in the body, or posting many follow-ups to messages with no new text. Messages may not be canceled, except by the author or by official newsgroup moderators performing their duties.

The Usenet news service included with a CoxCom residential service account is provided for interactive use by the subscriber, using a commonly-available NNTP client such as Netscape Communicator. Non-interactive clients that download Usenet articles in bulk are prohibited.

Conflict
In the event of a conflict between the Subscriber Agreement and this Policy, the terms of the Subscriber Agreement will prevail.

COX COMMUNICATIONS, INC.
PRIVACY POLICY

Cox Respects Your Privacy
At Cox Communications, Inc., we respect your privacy. This privacy policy explains our commitment to your privacy and describes how your information is maintained and used by us.

Information We Collect
Information You Provide to Us. When you sign up for our services, including Internet, cable television, and/or video on demand (the "Services"), you provide us with information including your name, address, telephone number, and other billing information. We maintain this information along with billing, payment, deposit, complaint, and service information, and your choices regarding equipment and service options.
Information Used in Connection with Service Management, Maintenance, or Security. We collect information about your usage of our services for network management, maintenance, performance, and security. We may collect information regarding the choices that you make in connection with your use of the Services we offer, any Services ordered, and Internet usage, including the Internet Protocol number assigned to you, bandwidth utilization, and Internet resource requests (e.g. requests to view a web page) made by you.
Information for Personalization Services. We may collect and maintain information such as your address and content and service preferences to provide a more personalized online experience.
We Do Not Monitor Your Personal Communications in the Course of Normal Operations. We do not read your email messages, instant messages, online chats, or the content of other online communications that reside on or pass through our Services. We may, however, retain and provide such communications in accordance with a valid court order or if we are otherwise legally required to do so or in response to an emergency situation. Please be aware, however, that once your communications leave our network and enter the public Internet on their way to their recipient, your communications may be monitored or intercepted by third-parties or other Internet service providers over which we do not have control.
We Do Not Record Any Information You Provide to Non-Affiliated Web Sites in the Course of Normal Operations. We will not record any information that you provide to third-party websites or Internet services in the course of our normal operations. When you submit information to any website or Internet service operated by us or an affiliated company, that information will be used only in accordance with the terms of service and privacy policy on that website or Internet service. Since we cannot control websites or Internet services operated by third-parties, we recommend that you review the terms of service and privacy policies of those websites.
Information Usage
We May Use Your Information for Service Related Purposes. We may use the information we collect to maintain and manage the Services, verify billing accuracy, communicate with our customers about service-related issues and maintain financial, tax and legal records. We also may transfer the information we collect in connection with the sale, merger, or transition of our system to a third-party.
We May Use Your Information for Our Internal Business Purposes. We may make your information available to our employees, agents and contractors for our internal business purposes, as well as to our outside auditors, attorneys and accountants, potential and actual purchasers of our business, and local franchise authorities. We also may disclose your information to collection services to the extent such disclosure is necessary to collect past due bills, or to other third-parties as may be necessary to render the Services and conduct other legitimate business activities related to your use of the Services. Third-parties that we retain to perform activities on our behalf (such as executing e-mail communications or collecting past due bills) and which necessarily have access to your information to carry out their assignment, are obligated to maintain the privacy of your information. We require those third-parties to use your information only for the limited purposes for which the disclosure is made and in accordance with this privacy policy. The frequency of any such information disclosure will vary in accordance with our business needs.
We Will Not Provide Your Information to Non-Affiliated Third-Parties for Marketing Purposes. We will not provide your information to any third-party for its use in connection with mailing lists or marketing purposes, other than those parties that we retain to conduct our mailings, surveys, contests, or marketing campaigns, or who act on our behalf.
We May Use Your Information to Send You Our Marketing and Service Related Information. We may send you marketing and informational materials from us or on behalf of our business affiliates or partners. If you do not wish to receive marketing or informational materials from us or our partners, please let us know by sending us a written request, including your name, address, and account number to the address listed on this notice.
Disclosure Policies
We Treat Your Information as Confidential. We treat the information we maintain about you as confidential and take precautions to prevent unauthorized access to your information.
We May Disclose Aggregate, Anonymous Information. We may disclose aggregate, anonymous information (i.e., information that does not reveal your name and address in connection with your general viewing or usage habits or any other transactions made using our Services that are personally identifiable to you) collected from our Services. This aggregate, anonymous information cannot be linked to you or any other individual.
We May Disclose Your Information if Required To Do So for Law Enforcement Purposes. We may disclose your information, including your name, address, email address, and other information, to a government entity if required to do so pursuant to law and as otherwise provided in the Acceptable Use Policy.
We May Disclose Your Information for Certain Other Purposes. We may disclose your information, including your name, address, email address, and other information to other system administrators at other Internet service providers or other network or computing facilities if necessary pursuant to our Acceptable Use Policy or in response to emergency conditions such as imminent threat to life or damage or destruction of property.
Limitations on Disclosures
If you wish to prohibit or limit our disclosure of your information, you must notify us in writing at privacy@cox.com, and include your name, address, account number, and the information that you do not wish to be disclosed. Please note that we still may be required to disclose certain information if required to do so by law.
Retention
We maintain your information in our regular business records as long as you are a customer and for a longer time if necessary for our business purposes. Unless a court has asked us for access to this information, we will destroy it once it is no longer necessary for our business purposes.
Inspection
We will make personally identifiable information about you contained in our business records available to you within ten (10) days of our receipt of your written request to examine such information. You may only inspect records containing information about you. You are responsible for the cost of copying any documents you request. We will make this information available during normal business hours at the Cox office listed on the front cover of this notice, and will give you an opportunity to correct any error in the information we maintain.
Other Issues to Beware of - When you travel across the Internet, you may come across the following:
Spam - We do not condone or encourage the sending of unsolicited email, often called spam. Although we take steps to block spam from coming onto our network, no spam prevention method can stop all spam. You can help reduce the amount of spam you receive by not posting your email address on Internet news groups and message boards, and by not providing it to services that are unknown to you.
Cookies - Websites may use cookies to provide you with customized services and other features to enhance your experience. A cookie is a small amount of data that is sent to your browser by a website and is stored on your computer's hard drive that may contain data that allows that website to identify you. A cookie cannot read unrelated data off your hard drive. Every website you visit, and the advertisers on that website, can send cookies to your browser if your browser's preferences allow it. Although cookies can help websites provide you with customized features, they may also allow your activities and choices to be tracked. If you are concerned about cookies you may opt out of major advertising networks' use of cookies at http://www.networkadvertising.org/optout_nonppii.asp or you may disable cookies on your browser as follows:
Internet Explorer (IE) users:
On the main toolbar of your browser, go to View (IE 4.0 or earlier) or Tools (IE 5.0 or later):

Select "Internet Options"
Go to the "Security" tab
IE 4.0 or earlier, look for "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
IE 5.0 or later select "custom level", scroll down to "cookies" and select "enable" or "prompt" to enable cookies or "disable" to disable cookies
Netscape users:
On the main toolbar of your browser:

Go to "edit"
Select "preferences"
On the left half of the window, select "advanced"
Select "accept all cookies" to enable cookies or "disable cookies" to disable cookies
Clear GIFs - Web pages may contain invisible electronic images, often called clear GIFs or web bugs, that allow third-parties to gather information about users who have visited the web page containing the clear GIF. Email you receive also may contain clear GIFs that may allow the sender to know if you have opened the email.
Malicious Activity - People with malicious intent may try to access or otherwise damage your computer when you are on the Internet. We therefore recommend that you take precautions to protect your computer when you are online. A firewall will help protect your system from attackers, and a virus checker will help prevent a virus from damaging your system.
Changes to this Policy
We may change this privacy policy from time to time to take into account new or changing circumstances. In the event that we change this privacy policy, we will provide you with written or electronic notice at least 30 days before the changes take effect. Any changes to this privacy policy will be prospective and will therefore not change the way we use information collected prior to the changed policy. Additionally, any written notices you provided to us regarding your preferences as to how we use your information will remain in effect.

This from "Cindy", a tech at Comcast. Background: I was set as static from day 1 by the tech who said there were problems with the DHCP server at the time. Now that it's crunch time, I've been trying to convert to DHCP, but haven't been getting a lease. Found out that CC changed my cust id number, so I would have never gotten an IP until I called them. Hats off to Comcast for calling my house with a prerecorded message stating that I'm still using static and have a week to convert to DHCP, lest my connectivity will be dropped.

Anyway, in talking to Cindy tonight, I said, "I can't believe you guys are going after users with Linksys boxes!" She asked, "what do you mean 'going after'?" I said, "like, pulling the plug! I have one that does wireless so I can work on my laptop anywhere in the house, and now you guys want to chain me to my desk in my basement."

"Oh, I don't think that's what they meant. See, those little firewall boxes won't work with the new network because they're only static, and can't do DHCP at all, so your box isn't going to work after we change over the network."

Customer: Hello?
Rep: Hello, sir, I'm doing a study for Comcast, and we'd like to offer you 2 free months of service if you would participate in a quick survey about your internet usage at home, so that we may better serve you in the future?
Customer: (Trying to figure out how far 2x$39.95 will go at the Golf Shop) Uh, sure, whatever.
Rep: Great! Question 1: Do you have more than one computer in your house connected to a cable modem?

Or better yet, kill service to a block of houses, and wait for the support calls to roll in. Yes sir, we'll have a technician come right out sir. He may need to have full access to your computer or computer(s), sir.

But, [not an expert, here] I had thought that one symptom of NAT was a plethora of high numbered ports being used.

But this practice really irks me.

As far as I'm concerned, just let the user pay for [bandwidth + 1/latency]*connect_time.

If clients don't want to subscribe to your extra services, then don't try to browbeat them into it by saying that home-brewed services are "not allowed".

The first network service provider with a business model specifically designed to cater to the commoditization of the network will eventually make mincemeat of those providers that rely on heavy-handed tactics to force their customers into needless higher cost products.

It's like having to buy rust-proofing as part of your new car or an extended warranty on a piece of solid-state electronics - a complete rip-off.

Another consideration: How does the NAT box know where to send incoming replies?

It has a table in memory. It knows that port 63210 is connected to 192.168.1.20:571, so when it sees packets coming into 63210, it sends them to 192.168.1.20:571. It has to have this table, because it needs to know what to do if another packet comes from 192.168.1.20:571: it has to be rewritten in the same way.

Another consideration: How does the NAT box know where to send incoming replies? Isn't there something added to the IP header to indicate the internal source IP of the packet? I would think there would have to be. Could they scan packets for these identifying signatures?

The NAT box keeps track of open connections using source/dest ip/port pairs, making sure that the same set isn't used twice (if it were, then it will transparently switch the source port). Hence Network Address Translation. Nothing needs to be added. NAT on a 2.4 kernel tries to change as little as possible, so the source port won't even change unless multiple internal hosts are accessing the same services on the same destination.

It is still possible to detect things by looking at traffic patterns, though. If you're using a firewall this won't happen, because there is only one computer to generate things. Unless multiple people use the same computer at once. Obviously there's no way for them to be sure this way.
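The table described in the two replies above, as an added example that is not part of any comment in the thread: a toy port-preserving NAT table in Python that keeps the source port unless two inside hosts collide on the same destination. The class and method names, the addresses and the fallback port value 61000 are constructed for illustration and are not taken from any kernel source.

```python
from itertools import count


class NatTable:
    """Toy model of a port-preserving NAT table (constructed; not kernel code)."""

    def __init__(self, public_ip, fallback_start=61000):
        self.public_ip = public_ip  # the single address seen on the outside
        # Assumed pool of replacement ports, used only when a clash forces a rewrite.
        self._fallback = count(fallback_start)
        self.outbound = {}  # (proto, in_ip, in_port, dst_ip, dst_port) -> public port
        self.inbound = {}   # (proto, public port, dst_ip, dst_port) -> (in_ip, in_port)

    def translate_out(self, proto, src_ip, src_port, dst_ip, dst_port):
        """Return the public source port used for an outgoing flow."""
        flow = (proto, src_ip, src_port, dst_ip, dst_port)
        if flow in self.outbound:          # later packets of a known flow
            return self.outbound[flow]     # must be rewritten the same way
        port = src_port                    # change as little as possible
        while (proto, port, dst_ip, dst_port) in self.inbound:
            port = next(self._fallback)    # tuple already taken by another host
            if port > 65535:
                raise RuntimeError("no free public port for this destination")
        self.outbound[flow] = port
        self.inbound[(proto, port, dst_ip, dst_port)] = (src_ip, src_port)
        return port

    def translate_in(self, proto, public_port, remote_ip, remote_port):
        """Return (inside_ip, inside_port) for a reply, or None if no flow matches."""
        return self.inbound.get((proto, public_port, remote_ip, remote_port))


def demo():
    nat = NatTable("203.0.113.7")          # constructed documentation addresses
    web = ("198.51.100.5", 80)
    first = nat.translate_out("tcp", "192.168.1.20", 571, *web)
    clash = nat.translate_out("tcp", "192.168.1.21", 571, *web)
    other = nat.translate_out("tcp", "192.168.1.21", 571, "198.51.100.9", 80)
    return {
        "first": first,
        "clash": clash,
        "other_destination": other,
        "reply_first": nat.translate_in("tcp", first, *web),
        "reply_clash": nat.translate_in("tcp", clash, *web),
        "unsolicited": nat.translate_in("tcp", 4444, *web),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Nothing is written into the packet to record the inside address: the reply is routed purely by looking up its port and remote endpoint in the table, and a packet that matches no entry has nowhere to go.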

You are right, but all of this can be fixed using a proxy server. Of course you shouldn't forget to disable things like "x-forwarded-for". I think the simplest method to find many NATs is to look for these high port numbers like 64000 and up. The linux kernel can easily be patched to use other ports that don't smell like NAT but most people wouldn't alter the kernel to hide their NAT.
Some other writer suggested to use TCP sequence number prediction heuristics to detect multiple tcp stacks running behind a NAT. I think that could work at least with stupid NAT clients like windows, that doesn't use strong random numbers for the seq. number. What about a stealth NAT patch for the linux kernel? It could rewrite the seq number, too, not only the ports. It also could use much more random ports to hide its activity. It could be also useful to cheat os fingerprinting techs. Very likely the providers wouldn't suspect someone to run a NAT if they get windows 95/98 as a result of their os fingerprinting. Linux or any other unix os is much more suspicious.

Let's face it. If the terms of service say you can't connect multiple computers to the cable modem service, then you can't do it (legally, at least). If you don't like it, don't sign up.

Not necessarily. FCC regulations state that once the cable is in your house, the cable company has no say as to what happens (over and above saying you can't get services you don't pay for, like HBO). I don't know if the digital side of this has been tested in court yet or not.